Ad-tech touts email-based ad personalization, but can it work in the EU? | Massachusetts’ tough privacy bill

Privacy Beat

Your weekly privacy news update.


While EU questions legality of email-based schemes, ad-tech asserts it can still personalize advertising — how does that work? 

Two key players in the advertising-technology industry say they will continue to be able to identify and track consumers even as browser makers like Apple, Google, Microsoft and Mozilla move to block so-called “third-party” cookies in 2022 or 2023.  Representatives of LiveIntent Inc. and The Trade Desk Inc. spoke during a virtual seminar Nov. 17 organized by the Interactive Advertising Bureau (IAB) and entitled, “New Rules for Digital Media: Addressability and First Party Data.”

“We have a massive identity graph,” said LiveIntent’s Jessica Munoz. “We build this customer profile for each client . . . an encrypted ID that is unique to you . . . we know which publishers you are engaging with . . . we have information about the kinds of browser you use.” Her message to advertisers and publishers: “We want to help you to know who you don’t know yet who is valuable to you.”

Jessica said LiveIntent has at least five ways clients can manage consumer privacy choices and share those choices with LiveIntent. “If they want to opt out of ads entirely, we ask that consumers reach out to us to let us know on a global level,” she said. 

Bill Michaels, of The Trade Desk, explained its Unified ID 2.0 service, which he said is nonproprietary. Competing ad-tech companies can generate “UIDs” to be part of the system, which The Trade Desk says will be independently governed. No governance entity has been announced yet, however. UID2.0 starts with an email address supplied by a publisher, which is then “hashed and salted”, Michaels said, so that it remains unique but in theory can’t be linked to an identifiable individual. He called the email-based string “a safe packet inside the bidstream” and said it enables “targeted personalized advertising in a way that keeps consumers’ identity safe.”

Michaels said UID2.0 is being trialed in the United States and Canada and several countries in Asia by “several advertisers” — but not yet in the European Union, where the General Data Protection Regulation (GDPR) is effective.
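An added example, not code from The Trade Desk or the UID2.0 specification: a constructed salted SHA-256 scheme showing what "hashed and salted" does and does not change about an email-based identifier. The salts, addresses and function names are assumptions made for illustration.

```python
import hashlib
import hmac

def normalize(email: str) -> str:
    """Trim and lowercase so one mailbox always produces the same input."""
    return email.strip().lower()

def derive_id(email: str, salt: bytes) -> str:
    """Salted SHA-256 of the normalized address (constructed scheme, not UID2's)."""
    return hashlib.sha256(salt + normalize(email).encode("utf-8")).hexdigest()

def linked_ids(ids_a: set[str], ids_b: set[str]) -> set[str]:
    """Identifiers both parties hold, i.e. records that can be joined."""
    return ids_a & ids_b

def matches_known_address(identifier: str, email: str, salt: bytes) -> bool:
    """True if a salt holder's own address list explains this identifier."""
    return hmac.compare_digest(identifier, derive_id(email, salt))

# Constructed sample data: logins collected by two unrelated publishers.
PUBLISHER_A = ["Alice@Example.com", "bob@example.org"]
PUBLISHER_B = [" alice@example.com ", "carol@example.net"]

SHARED_SALT = b"constructed-shared-salt"   # assumption: one salt for all parties
SALT_A = b"constructed-salt-publisher-a"   # assumption: per-publisher salts
SALT_B = b"constructed-salt-publisher-b"

def ids_for(emails: list[str], salt: bytes) -> set[str]:
    return {derive_id(e, salt) for e in emails}

def shared_salt_overlap() -> set[str]:
    """Same salt everywhere: the identifier follows the person across sites."""
    return linked_ids(ids_for(PUBLISHER_A, SHARED_SALT),
                      ids_for(PUBLISHER_B, SHARED_SALT))

def per_publisher_overlap() -> set[str]:
    """Different salt per publisher: the two data sets no longer join."""
    return linked_ids(ids_for(PUBLISHER_A, SALT_A),
                      ids_for(PUBLISHER_B, SALT_B))

if __name__ == "__main__":
    print("joinable with shared salt:", len(shared_salt_overlap()))
    print("joinable with per-publisher salts:", len(per_publisher_overlap()))
```

With one shared salt the identifier stays stable across publishers, which is what makes it usable for targeting and also what makes it a pseudonym rather than an anonymous value.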



Ad industry interests offer “survey” findings of strong support for unspecified federal vs. state privacy actions; Ingis quoted 

A policy group supported primarily by the U.S. advertising industry asserted on Nov. 19 that a cross-section of Americans strongly favors federal privacy legislation rather than patchwork state solutions — but the survey does not appear to be specific about policy provisions the public supports, and the exact phrasing of survey questions was not released.

It is significant that the ad industry is trying to muster federal action that would supersede state laws such as the tough California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), which the industry opposes.

The findings of the survey, but not the survey detail itself, were announced by Privacy for America, which is championed by Stuart P. Ingis, a Washington attorney who has a reputation as a privacy-policy power broker for the advertising and publishing industries. Privacy for America has a set of privacy legislative proposals.

The report was put together by two marketing and surveying organizations, Research Narrative and InnovateMR. They said it draws on a 1,524-respondent nationwide online survey of registered voters, “across a demographic cross section of U.S. registered voters ages 18+, balancing for age, ethnic and gender representation.” Reported findings may be found HERE. A couple of key points summarized in the Privacy for America statement:

Some 92 percent of surveyed voters “report that it is very or somewhat important that Congress pass legislation to protect consumer data privacy.” Support was highest among Democrats (95.4%), followed by independents (92.0%) and Republicans (89.3%).

Four in every five voters want to create a national standard for all companies to follow that would “outright prohibit harmful ways of collecting, using and sharing personal information.”

“These findings make clear that an overwhelming majority of Americans want Congress to pass nationwide privacy legislation that protects all Americans, no matter where they live,” Ingis was quoted in the news release as saying. “In today’s highly polarized political climate, comprehensive privacy legislation is a rare bipartisan opportunity for Congress to deliver real protections for Americans and small businesses seeking to recover from the pandemic and protect the responsible use of data that drives our economy. We urge lawmakers from both parties to come together to make a national privacy law a reality in the United States.”




Massachusetts moves to front of states proposing tough data privacy law with private-action right; $20M fines; key date Feb. 2

Privacy advocates and lobbyists for Massachusetts businesses that collect consumer data should circle on their calendar the date of Feb. 2 — by which a state Senate joint committee must report out a tough privacy bill or allow it to languish and probably die.   The “Massachusetts Information Privacy Act” (MIPA) bill got a public hearing on Oct. 13. 

Two lawyers from the Pierce Atwood LLP firm, Melanie Conroy and Peter Guffin, have been following the bill, and one that died in a previous session, and have written a comprehensive, nine-page summary of its provisions and hearing testimony. The most important provisions:

  • Anyone over age 18 who believes their privacy is violated under the law can bring a civil suit and collect up to $15,000 per violation.
  • It applies to any business that earns more than $10,000 in annual revenue through 300 or more transactions or that processes or maintains the personal information of 10,000 or more individuals.
  • A five-member Massachusetts Information Privacy Commission would enforce and investigate and empower the state’s attorney general to litigate violations with civil penalties up to $20 million or 4 percent of annual global revenue of a covered entity.

The Massachusetts law would thus be tougher in some respects than California’s. Woodrow Hartzog, the prominent privacy expert at Northeastern University, told Privacy Beat that he reviewed its language.

“It is difficult to overstate the magnitude of compliance and litigation risks MIPA may create for businesses collecting data from Massachusetts consumers and employees,” Conroy and Guffin wrote in their bill analysis.

Reuters and Wired assert Amazon “war” on privacy


Publisher group highlights Irish nonprofit’s latest compilation of Google/Facebook ad-tech challenge to “sustainability”

The research director of Digital Content Next (DCN), the U.S. trade association of quality digital news and magazine publishers, prominently featured an Irish nonprofit’s report detailing why the current programmatic advertising technology system is said to hurt publishers and help Google and Facebook. 

“Surveillance advertising isn’t just problematic, it eats publisher revenues,” is how the account by Rande Price, DCN’s research director, is headlined. The Irish Council of Civil Liberties report, itself titled “Sustainable without surveillance,” is authored by Johnny Ryan, a former journalist, ad-tech and privacy advocate who has been prominently seeking sanctions in the European Union against opaque ad tracking.

Much of the report represents a re-assembly of previous disclosures and arguments, but in a compelling format. 

“Tracking-based online advertising imperils fundamental rights and publisher sustainability,” the report says. It says four things harm publishers: (1) leakage of publishers’ audience data, (2) siphoning of ad revenue off to technology intermediaries, (3) spreading of user data across the web and (4) diversion of billions in ad revenues to operators of “ad fraud bots” charging for clicks on ads by non-humans.


Aspen “Commission on Information Disorder” report seen as both tech-savvy and socially conscious look at crisis for democracy 

ITEGA’s interests in privacy, identity and ad tech are subsidiary to a larger challenge — how do we ensure that the Internet lives up to a vision to provide us the information we need to be effective and informed citizens in democracies? A unit of the Aspen Institute, the “Commission on Information Disorder” was out with a foundation-funded report last week that focuses on abuses by social-media platforms, but touches on all of the above.

If you can’t take the time to read the whole “final report,” a perceptive synopsis was provided on Nov. 19 by Damon Beres, editor-in-chief of Unfinished, a unit of Frank McCourt’s Project Liberty, in a weekly blog post. He calls the report “tech savvy and socially conscious in equal measure” and provides his own links to three other trenchant analyses of it, including: Nieman Lab’s Josh Benton’s “How do you fix an “information disorder”? The Aspen Institute has some ideas.”







EU’s data-protection board expresses concerns about pending proposals

  • Various units of the European Union are considering data-protection proposals. The European Data Protection Board released a Nov. 18 statement expressing concern about some of them. Below are excerpts from the statement. 
“The proposals aim to facilitate the further use and sharing of (personal) data between more public and private parties inside ‘the data economy’, to support the use of specific technologies such as Big Data and AI and to regulate online platforms and gatekeepers. Processing of personal data already is or will be a core activity of the entities, business models and technologies regulated by the proposals.

“The combined effect of the adoption and implementation of the proposals will therefore significantly impact the protection of the fundamental rights to privacy and to the protection of personal data, enshrined in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union (‘the EU Charter’) and in Article 16 of the Treaty on the Functioning of the European Union (‘TFEU’)

“While the proposals seek overall to mitigate a variety of risks, the EDPB holds serious concerns about a number of choices made and considers the fundamental rights and freedoms of individuals require additional protection

“The proposal for the AIR would allow for the use of AI systems categorizing individuals from biometrics (such as facial recognition) according to ethnicity, gender, as well as political or sexual orientation, or other prohibited grounds of discrimination . . . .

“[T]he EDPB reiterates that the AIR should include a ban on any use of AI for an automated recognition of human features in publicly accessible spaces – such as of faces but also of gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals – in any context. The proposed AIR currently allows for the use of real-time remote biometric identification systems in publicly accessible spaces for the purpose of law enforcement in certain cases . . . .

“The EDPB also considers that online targeted advertising should be regulated more strictly in the DSA in favour of less intrusive forms of advertising that do not require any tracking of user interaction with content and urges the co-legislature to consider a phase-out leading to a prohibition of targeted advertising on the basis of pervasive tracking while the profiling of children should overall be prohibited.”


Privacy Beat is a weekly email update from the Information Trust Exchange Governing Association in service to its mission. Links and brief reports are compiled, summarized or analyzed by Bill Densmore and Eva Tucker.  Submit links and ideas for coverage to





Copyright © 2021 Information Trust Exchange Governing Association, All rights reserved.
